Prometheus
Exposed administration interfaces
Prometheus provides an optional management API that can be enabled with the command-line flags --web.enable-admin-api and --web.enable-lifecycle. These endpoints allow deleting all saved metrics and shutting down the monitoring server, respectively.
The endpoints are disabled by default, but in a non-secure deployment an attacker can query the status of these settings from the API endpoint /api/v1/status/flags to check whether they have been manually enabled.
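The same status document lets an operator audit their own servers for these two settings. The script below is an added example, not code from the Prometheus project; the function names and the sample responses are constructed for illustration, and it assumes the endpoint returns the usual JSON envelope with flag names mapped to string values.

```python
import json
import urllib.request

# Flags named on this page, mapped to the impact the page describes.
RISKY_FLAGS = {
    "web.enable-admin-api": "admin API enabled: saved metrics can be deleted",
    "web.enable-lifecycle": "lifecycle API enabled: server can be shut down",
}

def audit_flags(body):
    """Return a list of findings for one /api/v1/status/flags response body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return ["unparseable response"]
    if not isinstance(doc, dict) or doc.get("status") != "success":
        return ["unexpected response (status is not 'success')"]
    flags = doc.get("data")
    if not isinstance(flags, dict):
        return ["unexpected response (no flag map in 'data')"]
    findings = []
    for name, impact in RISKY_FLAGS.items():
        value = flags.get(name)
        if value is None:
            # Absent flag: do not assume the default, report it for review.
            findings.append(f"{name}: not reported, check manually")
        elif str(value).strip().lower() == "true":
            findings.append(f"{name}: {impact}")
    return findings

def fetch_flags(base_url, timeout=5):
    """Fetch the flags document from a Prometheus server you operate."""
    url = base_url.rstrip("/") + "/api/v1/status/flags"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

# Constructed sample responses (not captured from a real server).
SAMPLE_DEFAULT = ('{"status":"success","data":{"web.enable-admin-api":"false",'
                  '"web.enable-lifecycle":"false"}}')
SAMPLE_ENABLED = ('{"status":"success","data":{"web.enable-admin-api":"true",'
                  '"web.enable-lifecycle":"true"}}')

if __name__ == "__main__":
    for label, body in (("default", SAMPLE_DEFAULT), ("enabled", SAMPLE_ENABLED)):
        print(label, audit_flags(body) or ["ok: management endpoints disabled"])
```

To check a live instance, pass the output of fetch_flags() with your server's base URL to audit_flags(); an empty list means both management endpoints are reported as disabled.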